[version_1.0]

Note

The exercises in this course will have an associated charge in your AWS account. In this exercise, you will create the following resources:

AWS X-Ray traces
Amazon API Gateway REST API caching (optional)

This exercise includes instructions to delete all the resources that you create in the exercises.

Familiarize yourself with AWS X-Ray pricing, Amazon API Gateway pricing, and the AWS Free Tier.

Exercise 6: Optimizing the Application

In this exercise, you enable AWS X-Ray on the ListDragons AWS Lambda function. You view those traces, and then enable X-Ray on API Gateway.

Next, you can optionally enable API caching in API Gateway. With API Gateway caching, you will make fewer requests to your backend AWS Lambda functions. Using this feature optimizes for latency, and potentially for cost (when you factor in the costs of your backend infrastructure).

Task 1: Updating Lambda roles

In this task, you add additional permissions to your Lambda roles. The ListDragons function will send traces to the X-Ray service, so the AWSXrayWriteOnlyAccess policy must allow these requests.

In the console, open the AWS Identity and Access Management (IAM) dashboard.
In the navigation pane, choose Roles.
In the Search box, enter dragons.
In the search results, choose the dragons-read-lambda-role link.
Select Add permissions > Attach policies.
In the Search box, enter AWSXrayWriteOnlyAccess and press Enter.
In the search results, select AWSXrayWriteOnlyAccess.
Choose Attach policies.

Task 2: Adding X-Ray to the Lambda function

In this task, you will update your ListDragons Lambda function to integrate the tracing features of X-Ray.

In the AWS Cloud9 or local IDE terminal, list the contents of the ListDragons source directory.
```
ls ~/python-dragons-lambda/ListDragons/
```
In the AWS Cloud9 or local IDE, open the listDragons.py source file. If you are using AWS Cloud9, you can open the file from the terminal. In the terminal, choose listDragons.py and select Open.

Open option in the menu for listDragons.py
Locate the line of code that imports the JSON library: import json. Immediately after this line, add the following code and save the file.
```
from aws_xray_sdk.core import patch_all

patch_all()
```
This code imports the X-Ray SDK for Python, and makes a call to patch_all() to patch all supported libraries. You can learn more about the patching process in Patching libraries to instrument downstream calls in the AWS X-Ray Developer Guide.

In the terminal, change to the ListDragons directory, and install the X-Ray SDK.

cd ~/python-dragons-lambda/ListDragons
pip3 install -t package aws-xray-sdk

Create a new .zip package for the updated ListDragons function, and update the function in Lambda by using the following AWS CLI command: aws lambda update-function-code.

cd package
zip -r ../pythonlistDragonsFunction.zip .
cd ..
zip -g pythonlistDragonsFunction.zip listDragons.py
aws lambda update-function-code  --function-name ListDragons --zip-file fileb://pythonlistDragonsFunction.zip

Now, you configure the Lambda function.

In the console, open the Lambda dashboard and make sure that you are on the Functions page.
Choose the ListDragons Lambda function, and then choose the Configuration tab.
On the left menu, choose Monitoring and operations tools, and then choose Edit.
Under AWS X-Ray, enable Active tracing.
Choose Save.
Choose the Test tab.
Generate some trace data by choosing Test a few times.

Task 3: Viewing the X-Ray traces

In this task, you will use the X-Ray console to view the traces from your ListDragons function.

In the console, open the X-Ray dashboard.
In the navigation pane, choose Traces. By default, it will display traces that were captured in the past 5 minutes.
From the Trace list, choose a trace.

You should see a trace map that X-Ray built from the requests in your application.

Request trace map for ListDragons

Trace map request information

Task 4: Enabling X-Ray tracing in API Gateway

In this task, you will enable X-Ray tracing in your Amazon API Gateway REST API. You should be able to see a full trace of the application, originating from a browser request.

In the console, open the API Gateway dashboard.
Choose your DragonsApp API.
In the API navigation pane, under API: DragonsApp, choose Stages.
In the Stages navigation pane, choose the prod stage.
On the right, in the prod Stage Editor, choose the Logs/Tracing tab.
Select Enable X-Ray Tracing and choose Save Changes.
Visit the URL for your Dragons application. If you don’t have it bookmarked, the URL will be https://<MY-BUCKET>.s3.amazonaws.com/dragonsapp/index.html. Replace <MY-BUCKET> with the unique bucket that you created previously.

The application remembers your Dragons endpoint, Amazon Cognito domain, and Amazon Cognito client ID. If they aren’t available, you can retrieve them from previous exercises.
In the web application, choose Login. The login flow will update the Amazon Cognito ID token in your application.
After you complete the login, choose List and then choose GET /dragons.
In the console, return to the X-Ray dashboard.
In the navigation pane, choose Traces.

You should see the most recent traces. Note that the traces now contain the details that were added by X-Ray, such as HTTP method, URL, and client IP address.

Trace list

Task 5: (Optional) Enabling REST API caching in API Gateway

This final exercise includes instructions to delete all the resources created in the exercises.

Note

API Gateway caching is no longer eligible for the AWS Free Tier. This task is optional.

In this task, you will enable caching in your API Gateway stage. You can observe the benefits of caching by inspecting X-Ray traces after you enable the cache.

In this example, you will cache the results of the ListDragons function for 5 minutes. Thus, your clients will potentially see data from up to 5 minutes ago.

For the Dragons application, the sightings are infrequent. However, the List Dragons screen shows significant activity, so you have decided to experiment with caching.

In the console, open the API Gateway dashboard.
Choose your DragonsApp API.
In the API Gateway navigation pane, under API: DragonsApp, choose Stages.
In the Stages navigation pane, choose the prod stage.
On the Settings tab, under Cache Settings, select Enable API cache.
For Cache capacity, select 0.5GB.
Choose Save Changes.

It takes a few minutes to create the cache instance for API Gateway. Refresh the page every few minutes until you see the Cache status on the Settings tab change to AVAILABLE.
Return to your Dragons application, and choose the GET /dragons button several again.
In the console, return to the X-Ray dashboard.
Observe the most recent traces that you initiated from the Dragons application. Sort the traces by age so that you can compare them.

Trace list after caching
Compare the earliest trace and the most recent trace.

The earliest trace includes the calls to your backend Lambda functions, which were used to populate the cache.

Earliest trace

The most recent trace shows you a request that was served from your API Gateway cache.

Most recent trace

Task 6: Deleting all lab resources

Congratulations! You have successfully completed the course project.

In this task, you will log in to your AWS account as an administrator and delete the AWS resources that you created for this project.

If needed, log in to the console as an administrator.
Delete the API Gateway DragonsApp API.
- Open the Amazon API Gateway dashboard.
- In the navigation pane, choose APIs.
- Delete the DragonsApp API and confirm the deletion.
Delete the Amazon Cognito domain and user pool that you created.
- Open the Amazon Cognito dashboard.
- Choose Manage User Pools, and then choose dragons-pool.
- In the navigation pane, under App integration, choose Domain name
- Choose Delete domain and confirm the deletion.
- In the navigation pane, choose General settings.
- Choose Delete pool and confirm the deletion.
Delete the S3 bucket for the Dragons application.
- Open the Amazon Simple Storage Service (Amazon S3) dashboard.
- Delete the bucket that ends with -dragons-app and confirm the deletion. You must empty the bucket before you delete it.
Delete the IAM policies that you created.
- Open the IAM dashboard.
- In the navigation pane, under Access management, choose Policies.
- Filter the policies to show Customer managed policies.
- Delete the following policies, and confirm their deletion.
  - BuildingModernAppsPolicy
  - dragons-apig-policy
  - dragons-read-policy
  - dragons-readwrite-policy
  - Starts with: LambdaInvokeScopedAccessPolicy-
  - Starts with: SnsPublishFullAccessPolicy-
  - Starts with: XRayAccessPolicy-
Delete the IAM roles that you created.
- In the IAM navigation pane, choose Roles.
- Search for dragons.
- Delete the following roles, and confirm their deletion.
  - dragons-apig-role
  - dragons-read-lambda-role
  - dragons-readwrite-lambda-role
  - Starts with: StepFunctions-DragonsStateMachine-role-
Delete the Lambda functions for the Dragons application.
- Open the Lambda dashboard.
- Delete the following functions and confirm their deletion.
  - AddDragon
  - ValidateDragon
  - ListDragons
Delete the AWS Cloud9 development environment for this project.
- Open the AWS Cloud9 dashboard.
- Delete the Python-DevEnv environment and confirm the deletion.
Delete the parameters that you stored in the AWS Systems Manager Parameter Store.
- Open the Systems Manager dashboard.
- In the navigation pane, under Application Management, choose Parameter Store.
- Delete the dragon_ parameters and confirm their deletion.
  - dragon_data_bucket_name
  - dragon_data_file_name
Delete the AWS Step Functions state machine that you created.
- Open the Step Functions dashboard.
- Delete DragonsStateMachine and confirm the deletion.